Cisco Brings Assurance and Analytics to Intent-Based Networking

At its the Cisco Live EU event in Barcelona on Jan. 30, Cisco announced the next stage of its network-intuitive, intent-based networking strategy. New capabilities include the Cisco Network Assurance Engine for network verification and the Cisco DNA Center Assurance technology.

The first stage of intent-based networking was announced in June 2017. The promise of intent-based networking is a more automated networking infrastructure that can operate more efficiently than a traditional networking model.

"When we announced intent-based networking in June, we were predominately focused on the access side and how we can simplify network operations," Prashanth Shenoy, vice president of marketing enterprise networking and mobility, told EnterpriseNetworkingPlanet. "Now we're taking the next step forward to show how you can assure that network intent is being met."

Shenoy explained that the initial intent-based networking rollout provided capabilities to enable enterprise to translate customer intention into a set of automated network policies and applying those changes across a networking infrastructure. Cisco is now adding additional context to intent-based networking that can provide assurance for network operations.

Cisco Network Assurance Engine

One way that to make sure that a network is working as it should is via continuous verification, which is where the new Cisco Network Assurance Engine comes into play.

"The problem we're going after is the ability to proactively ensure intent is valid," Sundar Iyer, Distinguished Engineer at Cisco, told EnterpriseNetworkingPlanet.

Iyer said that in many cases network operations are reactive, with change management and troubleshooting often occurring after an action has taken place. He added that the goal with the Cisco Network Assurance Engine is to have a surgical approach to the challenge of change management.

"Almost everything you do in a network today from a control and management perspective is written in a protocol," Iyer said.

Iyer said that it is possible to build a precise model for how a network actually works and that with the Cisco Network Assurance Engine it is possible to predict the behavior of a network before issues occur in the real world deployment.

"What we do with the mathematical models behind Network Assurance, is we don't wait for traffic to flow between endpoints," Iyer said.

One particular area where the Cisco Network Assurance Engine will be able to help is with TCAM (ternary content-addressable memory), which is where security policies reside in hardware. Iyer said in one customer use case up to 30 percent of the policies stored in a TCAM could be removed as they overlapped with other policies, which was revealed through the Network Assurance Engine.

In its first iteration, the Network Assurance Engine has a limited sandbox where changes can be viewed and understood before they are implemented in the live production network. Iyer said that Cisco is working on a more advanced sandbox that can operate within a production fabric.

DNA Center Assurance

Cisco also announced its new DNA (Digital Network Architecture) Center Assurance technology which further extends the intent-based networking model. DNA Center is Cisco's single dashboard for enterprise network health that helps to provide provisioning capabilities.

With DNA Center Assurance, Cisco is adding problem isolation capabilities to help determine where issues are located. DNA Center Assurance now also provides a network time-travel capability that allows operates to store and retrieve configuration and network information from a given point in time. The system can save network information for up to 14 days.

Sean Michael Kerner is a senior editor at EnterpriseNetworkingPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.